authorMarek Polacek <polacek@redhat.com>2017-04-10 17:18:15 +0000
committerMarek Polacek <mpolacek@gcc.gnu.org>2017-04-10 17:18:15 +0000
commit98a7a34e26ec1e809712dbbebb0193f2ac545018 (patch)
treef72e0e27e76d0c06c364498bb0651309c7d8946a /gcc
parent46bf3f84b6a117d94ac7479c9e13e05af82d9931 (diff)
re PR sanitizer/80348 (UBSAN: compile time crash in ubsan_instrument_division)
PR sanitizer/80348 * typeck.c (cp_build_binary_op): Use NULL_TREE instead of NULL. Set ORIG_TYPE earlier and not only when shortening. * g++.dg/ubsan/div-by-zero-3.C: New test. From-SVN: r246812
Diffstat (limited to 'gcc')
-rw-r--r--gcc/cp/ChangeLog6
-rw-r--r--gcc/cp/typeck.c21
-rw-r--r--gcc/testsuite/ChangeLog5
-rw-r--r--gcc/testsuite/g++.dg/ubsan/div-by-zero-3.C22
4 files changed, 43 insertions, 11 deletions
diff --git a/gcc/cp/ChangeLog b/gcc/cp/ChangeLog
index ee8de4c..0a19eaa 100644
--- a/gcc/cp/ChangeLog
+++ b/gcc/cp/ChangeLog
@@ -1,3 +1,9 @@
+2017-04-10 Marek Polacek <polacek@redhat.com>
+
+ PR sanitizer/80348
+ * typeck.c (cp_build_binary_op): Use NULL_TREE instead of NULL. Set
+ ORIG_TYPE earlier and not only when shortening.
+
2017-04-07 Jason Merrill <jason@redhat.com>
PR c++/80356 - ICE with reference to function template argument.
diff --git a/gcc/cp/typeck.c b/gcc/cp/typeck.c
index 65a3435..7aee0d6 100644
--- a/gcc/cp/typeck.c
+++ b/gcc/cp/typeck.c
@@ -4105,7 +4105,7 @@ cp_build_binary_op (location_t location,
/* Data type in which the computation is to be performed.
In the simplest cases this is the common type of the arguments. */
- tree result_type = NULL;
+ tree result_type = NULL_TREE;
/* Nonzero means operands have already been type-converted
in whatever way is necessary.
@@ -4121,7 +4121,6 @@ cp_build_binary_op (location_t location,
tree final_type = 0;
tree result, result_ovl;
- tree orig_type = NULL;
/* Nonzero if this is an operation like MIN or MAX which can
safely be computed in short if both args are promoted shorts.
@@ -4153,7 +4152,7 @@ cp_build_binary_op (location_t location,
bool doing_shift = false;
/* Tree holding instrumentation expression. */
- tree instrument_expr = NULL;
+ tree instrument_expr = NULL_TREE;
if (code == TRUTH_AND_EXPR || code == TRUTH_ANDIF_EXPR
|| code == TRUTH_OR_EXPR || code == TRUTH_ORIF_EXPR
@@ -5042,6 +5041,10 @@ cp_build_binary_op (location_t location,
return tmp;
}
+ /* Remember the original type; RESULT_TYPE might be changed later on
+ by shorten_binary_op. */
+ tree orig_type = result_type;
+
if (arithmetic_types_p)
{
bool first_complex = (code0 == COMPLEX_TYPE);
@@ -5138,7 +5141,6 @@ cp_build_binary_op (location_t location,
if (shorten && none_complex)
{
- orig_type = result_type;
final_type = result_type;
result_type = shorten_binary_op (result_type, op0, op1,
shorten == -1);
@@ -5218,13 +5220,10 @@ cp_build_binary_op (location_t location,
original result_type. */
tree cop0 = op0;
tree cop1 = op1;
- if (orig_type != NULL_TREE)
- {
- if (TREE_TYPE (cop0) != orig_type)
- cop0 = cp_convert (orig_type, op0, complain);
- if (TREE_TYPE (cop1) != orig_type)
- cop1 = cp_convert (orig_type, op1, complain);
- }
+ if (TREE_TYPE (cop0) != orig_type)
+ cop0 = cp_convert (orig_type, op0, complain);
+ if (TREE_TYPE (cop1) != orig_type)
+ cop1 = cp_convert (orig_type, op1, complain);
instrument_expr = ubsan_instrument_division (location, cop0, cop1);
}
else if (doing_shift && (flag_sanitize & SANITIZE_SHIFT))
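Review bot: With the `orig_type != NULL_TREE` guard removed, both `cp_convert (orig_type, ...)` calls here depend on `result_type` being non-null at the new `tree orig_type = result_type;` declaration in the `@@ -5042` hunk, and nothing visible in either hunk establishes that. If an earlier check in cp_build_binary_op already returns when no result type was determined, a `gcc_checking_assert (orig_type != NULL_TREE);` ahead of the first comparison would record that invariant and fail loudly in checking builds instead of handing a null type to cp_convert. The enclosing block starts and ends outside this hunk, so the condition guarding the division instrumentation is not visible here.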
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index 1c5d5ba..8df659e 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2017-04-10 Marek Polacek <polacek@redhat.com>
+
+ PR sanitizer/80348
+ * g++.dg/ubsan/div-by-zero-3.C: New test.
+
2017-04-10 Bin Cheng <bin.cheng@arm.com>
PR tree-optimization/80153
diff --git a/gcc/testsuite/g++.dg/ubsan/div-by-zero-3.C b/gcc/testsuite/g++.dg/ubsan/div-by-zero-3.C
new file mode 100644
index 0000000..589dd25
--- /dev/null
+++ b/gcc/testsuite/g++.dg/ubsan/div-by-zero-3.C
@@ -0,0 +1,22 @@
+// PR sanitizer/80348
+// { dg-do compile }
+// { dg-options "-fsanitize=integer-divide-by-zero" }
+
+extern long long int i;
+void
+fn1 ()
+{
+ (0 >= 10253361740180 >= long (0 >= 0)) % i;
+}
+
+void
+fn2 ()
+{
+ 0 / unsigned (!(0 - 3) >= (0 > 0));
+}
+
+void
+fn3 ()
+{
+ (0 < 0 >= (0 < 0 < 0)) % (unsigned (2) << 0);
+}